Information Security

main content

We recognise the importance of information as a corporate asset. 

Our Information Security policy:

  • Allows appropriate people access to information when and where they need it
  • Maintains integrity (accuracy and security) of information we hold
  • Maintains appropriate levels of confidentiality 
  • Reduces the risks posed by poor information management
  • Ensures we abide by our legal and regulatory responsibilities
  • Makes our staff and students aware of their responsibilities towards information security/management

The principles of our Information Security policy are:

  • Ensuring that we (the University) follow all legal requirements
  • Ensuring the availability, confidentiality and integrity of all information we hold
  • Ensuring that our staff, students and partners understand their responsibilities towards information security
  • Maintaining a risk-aware approach that reduces any unacceptable risks

Our Information Security policy is an overarching policy. We have summarised the contents of the policy here. You can download the Information Security Policy and other related policies below. 


Summary of Information Security policy

1. General

  1. You should use our computing facilities in a way which is:
    • ethical
    • legal
    • appropriate to the University's aims 
    • not detrimental to others
  2. We reserve the right to monitor, filter and/or deny access to our systems.
  3. You must tell us about any loss or compromise of any device containing University data.
  4. You must not share your username or password, or login to anyone else’s account.

2. Device connection

  1. You may connect a University laptop or PC to the University network.
  2. You may connect your own personal device to eduroam wireless network.

A University laptop or PC is one which University IT staff order and set up for you.

A personal device is a laptop, phone or tablet which you buy and bring to campus yourself.

Contact us if you wish to connect any other device to the University network. You must have a valid reason for this. We reserve the right to refuse connection.


3. Device maintenance

All devices used to access University data must:

  1. Have an up-to-date anti-virus application installed and configured.
  2. Have the latest operating systems and browser security updates installed.
  3. Only run legitimate, licensed software.

4. Personal devices

As well as the above, if using a personal device you must:

  1. Enable your device's security features.
  2. Accept that we may scan and/or monitor your device whenever you use it to connect to our network.
  3. Wipe the device of all data before selling or transferring it to a third party.

5. Sensitive data

For data that is sensitive, personal, confidential or commercially valuable, you must:

  1. Reduce the need to hold such data on any device.
  2. Encrypt the data before storing or sharing it.
  3. Never make the data available to the public, or share it on a social networking site.

Lost and stolen devices

You must tell us if you lose your device, or if you think someone has stolen it. Fill in the Lost or Stolen Devices form and send it to the IT Helpdesk.


Training

Information Security training is available from the Development and Training Gateway.


More information

Please contact us if you would like to know more.

You may also want to read: